<?php
session_start();
if(!@$_SESSION['username']) {
  echo "<script>window.location.href='login.php';</script>";
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
	<meta charset="UTF-8">
	<title>change password</title>
</head>
<body>


<?php
include_once('../../libraries/esaydb.class.php');
if($_POST['password2'] && $_POST['password']) {
	$name = $_SESSION['username'];
	if($_POST['password'] != $_POST['password2']) {
		echo "<script>alert('密码不一致');history.go(-1);</script>";//exit;
		exit;
	}
	$password 	= md5($_POST['password']);
	$db = new EasyDB();
	$sqlexits = 'select username from ob_user where username = ?';
	$bool = $db->querySql($sqlexits, array($name));
	if(!$bool) {
		echo "<script>alert('用户不存在存在');history.go(-1);</script>";exit(-2);
	}

	$set = array('password'=>$password);
	$where = array('uid'=>$_SESSION['uid']);
	$result  = $db->update('ob_user',$set,$where);
	if($result) {
		echo "<script>alert('修改成功');window.location.href='../../user-password-edit.php';</script>";
	}else{
		echo "<script>alert('修改失败');history.go(-1);</script>";
	}
}else{
	echo "<script>alert('no');history.go(-1);</script>";
}
?>
</body>
</html>
